Abhishekmishra2808 commented on code in PR #608:
URL:
https://github.com/apache/tooling-trusted-releases/pull/608#discussion_r2742289759
##########
atr/mail.py:
##########
@@ -59,28 +61,34 @@ async def send(message: Message) -> tuple[str, list[str]]:
# UUID4 is entirely random, with no timestamp nor namespace
# It does have 6 version and variant bits, so only 122 bits are random
mid = f"{uuid.uuid4()}@{global_domain}"
- headers = [
- f"From: {from_addr}",
- f"To: {to_addr}",
- f"Subject: {message.subject}",
- f"Date: {utils.formatdate(localtime=True)}",
- f"Message-ID: <{mid}>",
- ]
- if message.in_reply_to is not None:
- headers.append(f"In-Reply-To: <{message.in_reply_to}>")
- # TODO: Add message.references if necessary
- headers.append(f"References: <{message.in_reply_to}>")
-
- # Normalise the body padding and ensure that line endings are CRLF
- body = message.body.strip()
- body = body.replace("\r\n", "\n")
- body = body.replace("\n", "\r\n")
- body = body + "\r\n"
-
- # Construct the message
- msg_text = "\r\n".join(headers) + "\r\n\r\n" + body
+
+ # Use EmailMessage with Address objects for gold-standard CRLF injection
protection
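Review bot: the comment on the last added line credits Address objects with the CRLF injection protection, but Address only covers From and To. The removed lines also interpolated message.subject and message.in_reply_to (the latter into both In-Reply-To and References) straight into header text. Suggest rewording the comment to name what protects those headers: with the standard library's default policy, assigning a header value that contains CR or LF to an EmailMessage raises ValueError. The tests should include a subject and an in_reply_to value carrying "\r\n". It is also worth confirming that the replacement keeps the body handling removed here (strip, then normalise line endings to CRLF), or that the comment states serialisation now does this.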
Review Comment:
Removed the phrase 'gold-standard' from both the code comments and test
docstrings to maintain a more objective and professional tone.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.